| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 02 Mar 2022 08:43:54 -0600
From: "Eric W. Biederman" <ebiederm@...ssion.com>
To: Luis Chamberlain <mcgrof@...nel.org>
Cc: Shakeel Butt <shakeelb@...gle.com>,
Colin Ian King <colin.king@...onical.com>,
NeilBrown <neilb@...e.de>, Vasily Averin <vvs@...tuozzo.com>,
Vlastimil Babka <vbabka@...e.cz>,
Michal Hocko <mhocko@...e.com>,
Roman Gushchin <roman.gushchin@...ux.dev>,
Linux MM <linux-mm@...ck.org>, netdev@...r.kernel.org,
"David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>, Tejun Heo <tj@...nel.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Eric Dumazet <edumazet@...gle.com>,
Kees Cook <keescook@...omium.org>,
Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
David Ahern <dsahern@...nel.org>, linux-kernel@...r.kernel.org,
kernel@...nvz.org
Subject: Re: [PATCH RFC] net: memcg accounting for veth devices
Luis Chamberlain <mcgrof@...nel.org> writes:
> On Tue, Mar 01, 2022 at 02:50:06PM -0600, Eric W. Biederman wrote:
>> I really have not looked at this pids controller.
>>
>> So I am not certain I understand your example here but I hope I have
>> answered your question.
>
> During experimentation with the above stress-ng test case, I saw tons
> of thread just waiting to do exit:
You increment the count of concurrent threads after a no return function
in do_exit. Since the increment is never reached the count always goes
down and eventually the warning prints.
> diff --git a/kernel/exit.c b/kernel/exit.c
> index 80c4a67d2770..653ca7ebfb58 100644
> --- a/kernel/exit.c
> +++ b/kernel/exit.c
> @@ -730,11 +730,24 @@ static void check_stack_usage(void)
> static inline void check_stack_usage(void) {}
> #endif
>
> +/* Approx more than twice max_threads */
> +#define MAX_EXIT_CONCURRENT (1<<17)
> +static atomic_t exit_concurrent_max = ATOMIC_INIT(MAX_EXIT_CONCURRENT);
> +static DECLARE_WAIT_QUEUE_HEAD(exit_wq);
> +
> void __noreturn do_exit(long code)
> {
> struct task_struct *tsk = current;
> int group_dead;
>
> + if (atomic_dec_if_positive(&exit_concurrent_max) < 0) {
> + pr_warn_ratelimited("exit: exit_concurrent_max (%u) close to 0 (max : %u), throttling...",
> + atomic_read(&exit_concurrent_max),
> + MAX_EXIT_CONCURRENT);
> + wait_event(exit_wq,
> + atomic_dec_if_positive(&exit_concurrent_max) >= 0);
> + }
> +
> /*
> * We can get here from a kernel oops, sometimes with preemption off.
> * Start by checking for critical errors.
> @@ -881,6 +894,9 @@ void __noreturn do_exit(long code)
>
> lockdep_free_task(tsk);
> do_task_dead();
The function do_task_dead never returns.
> +
> + atomic_inc(&exit_concurrent_max);
> + wake_up(&exit_wq);
> }
> EXPORT_SYMBOL_GPL(do_exit);
>
> diff --git a/kernel/ucount.c b/kernel/ucount.c
> index 4f5613dac227..980ffaba1ac5 100644
> --- a/kernel/ucount.c
> +++ b/kernel/ucount.c
> @@ -238,6 +238,8 @@ struct ucounts *inc_ucount(struct user_namespace *ns, kuid_t uid,
> long max;
> tns = iter->ns;
> max = READ_ONCE(tns->ucount_max[type]);
> + if (atomic_long_read(&iter->ucount[type]) > max/16)
> + cond_resched();
> if (!atomic_long_inc_below(&iter->ucount[type], max))
> goto fail;
> }
Eric
Powered by blists - more mailing lists